Proyectos de Subversion Moodle

Rev

| Ultima modificación | Ver Log |

Rev Autor Línea Nro. Línea
1 efrain 1 
<?php
2 
// This file is part of Moodle - http://moodle.org/
3 
//
4 
// Moodle is free software: you can redistribute it and/or modify
5 
// it under the terms of the GNU General Public License as published by
6 
// the Free Software Foundation, either version 3 of the License, or
7 
// (at your option) any later version.
8 
//
9 
// Moodle is distributed in the hope that it will be useful,
10 
// but WITHOUT ANY WARRANTY; without even the implied warranty of
11 
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 
// GNU General Public License for more details.
13 
//
14 
// You should have received a copy of the GNU General Public License
15 
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
16 
/**
17 
 * Page allowing a platform user, identified by their {iss, sub} tuple, to be bound to a new or existing Moodle account.
18 
 *
19 
 * This is an LTI Advantage specific login feature.
20 
 *
21 
 * The auth flow defined in auth_lti\auth::complete_login() redirects here when a launching user does not have an
22 
 * account binding yet. This page prompts the user to select between:
23 
 * a) An auto provisioned account.
24 
 * An account with auth type 'lti' is created for the user. This account is bound to the launch credentials.
25 
 * Or
26 
 * b) Use an existing account
27 
 * The standard Moodle auth flow is leveraged to get an existing user account. This account is then bound to the launch
28 
 * credentials.
29 
 *
30 
 * @package    auth_lti
31 
 * @copyright  2021 Jake Dallimore <jrhdallimore@gmail.com>
32 
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
33 
 */
34 
 
35 
use core\event\user_login_failed;
36 
use core\output\notification;
37 
 
38 
require_once(__DIR__ . '/../../config.php');
39 
 
40 
global $OUTPUT, $PAGE, $SESSION;
41 
 
42 
// Form fields dealing with the user's choice about account types (new, existing).
43 
$newaccount = optional_param('new_account', false, PARAM_BOOL);
44 
$existingaccount = optional_param('existing_account', false, PARAM_BOOL);
45 
 
46 
if (empty($SESSION->auth_lti) || empty($SESSION->auth_lti->launchdata)) {
47 
    throw new coding_exception('Missing LTI launch credentials.');
48 
}
49 
if (empty($SESSION->auth_lti->returnurl)) {
50 
    throw new coding_exception('Missing return URL.');
51 
}
52 
 
53 
if ($newaccount) {
54 
    require_sesskey();
55 
    $launchdata = $SESSION->auth_lti->launchdata;
56 
    $returnurl = $SESSION->auth_lti->returnurl;
57 
    unset($SESSION->auth_lti);
58 
 
59 
    if (!empty($CFG->authpreventaccountcreation)) {
60 
        // If 'authpreventaccountcreation' is enabled, the option to create a new account isn't presented to users in the form.
61 
        // This just ensures no action is taken were the 'newaccount' value to be present in the submitted data.
62 
 
63 
        // Trigger login failed event.
64 
        $failurereason = AUTH_LOGIN_UNAUTHORISED;
65 
        $event = user_login_failed::create(['other' => ['reason' => $failurereason]]);
66 
        $event->trigger();
67 
 
68 
        // Site settings prevent creating new accounts.
69 
        $errormsg = get_string('cannotcreateaccounts', 'auth_lti');
70 
        $SESSION->loginerrormsg = $errormsg;
71 
        redirect(new moodle_url('/login/index.php'));
72 
    } else {
73 
        // Create a new account and link it, logging the user in.
74 
        $auth = get_auth_plugin('lti');
75 
        $newuser = $auth->find_or_create_user_from_launch($launchdata);
76 
        complete_user_login($newuser);
77 
        $auth->update_user_account($newuser, $launchdata, $launchdata['iss']);
78 
 
79 
        $PAGE->set_context(context_system::instance());
80 
        $PAGE->set_url(new moodle_url('/auth/lti/login.php'));
81 
        $PAGE->set_pagelayout('popup');
82 
        $renderer = $PAGE->get_renderer('auth_lti');
83 
        echo $OUTPUT->header();
84 
        echo $renderer->render_account_binding_complete(
85 
            new notification(get_string('accountcreatedsuccess', 'auth_lti'), notification::NOTIFY_SUCCESS, false),
86 
            $returnurl
87 
        );
88 
        echo $OUTPUT->footer();
89 
        exit();
90 
    }
91 
} else if ($existingaccount) {
92 
    // Only when authenticated can an account be bound, allowing the user to continue to the original launch action.
93 
    require_login(null, false);
94 
    require_sesskey();
95 
    $launchdata = $SESSION->auth_lti->launchdata;
96 
    $returnurl = $SESSION->auth_lti->returnurl;
97 
    unset($SESSION->auth_lti);
98 
 
99 
    global $USER;
100 
    $auth = get_auth_plugin('lti');
101 
    $auth->create_user_binding($launchdata['iss'], $launchdata['sub'], $USER->id);
102 
 
103 
    $PAGE->set_context(context_system::instance());
104 
    $PAGE->set_url(new moodle_url('/auth/lti/login.php'));
105 
    $PAGE->set_pagelayout('popup');
106 
    $renderer = $PAGE->get_renderer('auth_lti');
107 
    echo $OUTPUT->header();
108 
    echo $renderer->render_account_binding_complete(
109 
        new notification(get_string('accountlinkedsuccess', 'auth_lti'), notification::NOTIFY_SUCCESS, false),
110 
        $returnurl
111 
    );
112 
    echo $OUTPUT->footer();
113 
    exit();
114 
}
115 
 
116 
// Render the relevant account provisioning page, based on the provisioningmode set in the calling code.
117 
$PAGE->set_context(context_system::instance());
118 
$PAGE->set_url(new moodle_url('/auth/lti/login.php'));
119 
$PAGE->set_pagelayout('popup');
120 
$renderer = $PAGE->get_renderer('auth_lti');
121 
 
122 
echo $OUTPUT->header();
123 
require_once($CFG->dirroot . '/auth/lti/auth.php');
124 
echo $renderer->render_account_binding_options_page($SESSION->auth_lti->provisioningmode);
125 
echo $OUTPUT->footer();